Qantas breach anniversary highlights rising cyber extortion threat

A year after Qantas confirmed one of Australia’s largest customer data breaches, cybersecurity experts are warning that the danger to consumers and businesses is continuing to grow.

The July 2025 cyber incident exposed data connected to millions of Qantas customers after a criminal gained access to a third-party customer service platform used by one of the airline’s contact centres. Qantas later confirmed that compromised records included names, email addresses, Qantas Frequent Flyer numbers and, for some customers, addresses, dates of birth, phone numbers, gender and meal preferences. The airline said credit card details, personal financial information, passport details, passwords, PINs and login details were not accessed.

Although the absence of financial data offered some reassurance, privacy and scam experts say personal information remains highly valuable to criminals. Names, birthdates, addresses, phone numbers and loyalty account details can be used to make phishing messages, scam calls and impersonation attempts appear far more convincing.

The risk became more serious after stolen Qantas customer data was released on the dark web in October 2025. Maurice Blackburn, which has lodged a representative complaint with the Office of the Australian Information Commissioner, says the release affected 5.7 million customers and included dates of birth, phone numbers, addresses, emails and frequent flyer numbers.

The breach has also become part of a wider story about the professionalisation of cybercrime. Reporting linked the Qantas attack to Scattered Spider, a group known for social engineering tactics, including impersonating employees or technical support workers to gain access to corporate systems. In the months that followed, threat intelligence researchers reported the emergence of Scattered Lapsus$ Hunters, a hybrid criminal grouping involving members associated with Scattered Spider, Lapsus$ and ShinyHunters.

That alliance has been tied to large data theft and extortion campaigns, including activity linked to Salesforce environments. DarkOwl reported that the group launched a data leak site in October 2025 and sought to pressure companies affected by Salesforce-related breaches. The same research said the group later claimed it was developing a ransomware-as-a-service platform under the Scattered Lapsus$ Hunters brand.

The wider cyber extortion picture is deteriorating. Cybersecurity Dive reported that extortion-related cyberattacks increased by roughly 63 per cent in 2025 to 6,800, citing Intel 471 analysis of dark web forums. The report said high-profile groups, including alliances involving Scattered Spider, Lapsus$ and ShinyHunters, were among those drawing attention during the year.

For Australian consumers, the immediate concern is the secondary wave of scams that can follow a major breach. Criminals can combine stolen personal data with fake emails, phone calls and text messages to impersonate trusted organisations. The more accurate the information used in a scam, the more likely a victim is to believe the message is genuine.

Authorities have been pushing Australians to slow down before responding to suspicious contact. Scamwatch’s “Stop. Check. Protect.” guidance urges people to pause before sharing money or personal information, verify organisations through official websites or apps, and act quickly if they believe they have been compromised. Recommended steps include contacting banks, changing passwords, monitoring statements and credit reports, and reporting scams.

A new safeguard has also been introduced for text messages. From 1 July 2026, Australia’s SMS Sender ID Register requires unregistered branded text messages to be labelled “Unverified”. The register is designed to make it harder for criminals to impersonate organisations such as banks, retailers, Australia Post, the Australian Taxation Office and myGov.

The change gives consumers another warning signal, but experts caution that no single measure can stop scams entirely. Attackers continue to adapt, using social engineering, stolen credentials, malicious links, fake helpdesk calls and pressure tactics to bypass both technical controls and human caution.

Qantas has said additional security measures have been introduced since the incident, including stronger monitoring, tighter access controls and added protections for Frequent Flyer accounts. The company has also maintained a support line for customers affected by the cyber incident.

The Qantas breach is a reminder that cybersecurity is no longer just an IT department issue. It is a consumer protection issue, a business continuity issue and a personal safety issue. For organisations, staff training and stronger identity controls can reduce the risk of social engineering attacks. For individuals, better cyber awareness can make the difference between spotting a scam and handing over sensitive information.

The threat is not slowing down, so neither should your defences. Build the skills to recognise scams, understand attacker tactics and protect your personal and business data with The Hack Academy’s online training programme. The programme offers cybersecurity education with practical learning, virtual labs, quizzes and courses covering areas such as cyber security fundamentals, Linux, cryptography, networking, internet vulnerabilities, cloud security and penetration testing.

Take action before criminals do. Strengthen your cybersecurity defence today with The Hack Academy and turn awareness into practical protection.
